JP2019522945A - Operations related to user equipment that uses secret identifiers - Google Patents

Abstract

A method performed by a network node (106) of a serving terrestrial public mobile communication network (PLMN) (112) associated with a user equipment (UE) (102), the secret identifier (110) uniquely identifying the UE The secret identifier is a secret shared between the UE and at least the home PLMN of the UE and shared with the network node by the home PLMN, and using the secret identifier Performing an operation (108) associated with the UE. Other methods, computer programs, computer program products, network nodes, and serving PLMNs are also disclosed. [Selection] Figure 4

Description

  The present invention relates to a method in which an identifier associated with a user equipment (UE) is used in a serving terrestrial public mobile communication network (PLMN). The invention also relates to a network node, a public mobile land network, a computer program, and a computer program product.

  In existing wireless network systems (eg, 2G, 3G, 4G systems), certain operations may be performed by a serving PLMN (other than the UE's home PLMN), such as an International Mobile Subscriber Identity (IMSI), etc. Requires access to a specific identifier of the UE. However, knowledge of the long-term identifier corresponding to the UE makes it possible for a third party to endanger the privacy of the user, for example, by determining the location of the user based on the identifier. Eventually, this UE's identifier is typically kept private and treated as a secret, so the UE, the UE's home PLMN, and any other party authorized to access the identification number by the home PLMN or UE or Often only devices are available. Some existing networks communicate the UE's identifier between the PLMN and the device using encryption methods and / or pseudonyms for the UE's identification number, but the communicated identifier is that of some serving PLMN It is not the secret long-term identifier of the UE required by the operation.

  Therefore, for reliable communication of secret UE identifiers to ensure that required UE functionality is maintained throughout the PLMN without exposing sensitive user information to untrusted parties. Improved techniques are needed.

  Within the third generation partnership project, overall security-related discussions for next generation systems are ongoing. 3GPP TR33.899 V0.2.0 discusses threats, potential requirements, and solutions for such systems. This document states that lawful interception and other local regulations must be considered when designing a new system, but the disclosure of subscriber identification numbers can lead to privacy incidents Also state that. No solution is provided for the complex problem of allowing serving PLMNs to perform lawful intercepts, for example, without risking false subscriber intercepts, abnormal billing, and unauthorized access to network resources .

  The purpose of one or more embodiments of the present invention is to enable improved reliable communication of secret UE identifiers throughout the PLMN without exposing sensitive user information to untrusted parties. is there.

  One or more embodiments herein enable communication of the UE's secret identifier from the UE's home PLMN to the serving PLMN. Once obtained by the serving PLMN, the secret identifier may be utilized by the serving PLMN to perform operations related to the UE. In this way, it is also realized that the complexity and security threats of the network system can be reduced for the operation in the serving PLMN based on the pseudonym identifier.

  A first aspect of the invention relates to a method performed by a network node of a serving PLMN associated with a UE. In this method, the network node obtains a secret identifier that uniquely identifies the UE. The secret identifier is a secret shared between the UE and at least the home PLMN of the UE and shared with the network node by the home PLMN. The method also includes a network node that performs operations associated with the UE using the secret identifier.

  A second aspect of the invention relates to a method performed by a network node of a home PLMN associated with a UE. The network node determines to reveal a secret identifier that uniquely identifies the UE to the serving PLMN of the UE. The secret identifier is a secret shared between the UE and at least the home PLMN. According to the method, the network node of the home PLMN reveals a secret identifier to the serving PLMN. Disclosing the secret identifier to the serving PLMN allows the serving PLMN to perform operations related to the UE using the secret identifier.

  The third aspect relates to the network node of the serving PLMN associated with the UE. The network node is to obtain a secret identifier that uniquely identifies the UE, the secret identifier being shared between the UE and at least the home PLMN of the UE, and a secret shared with the network node by the home PLMN. , And to perform operations related to the UE using the secret identifier.

  The fourth aspect relates to the network node of the home PLMN associated with the UE. The network node determines to reveal a secret identifier that uniquely identifies the UE to the serving PLMN of the UE, wherein the secret identifier is a secret shared between the UE and at least the home PLMN. And revealing a secret identifier to the serving PLMN, the secret identifier being configured to use the secret identifier to allow the serving PLMN to perform operations related to the UE. .

  The fifth aspect relates to a network node of a serving PLMN associated with a UE, the network node comprising a processor and a memory, the memory containing instructions executable by the processor, whereby the network node uniquely identifies the UE. Obtaining a secret identifier, wherein the secret identifier is a secret shared between the UE and at least the home PLMN of the UE and shared with the network node by the home PLMN, and It is set to perform an operation related to the UE using the identifier.

  A sixth aspect relates to a network node of a home PLMN associated with a UE, the network node comprising a processor and a memory, the memory containing instructions executable by the processor, whereby the network node uniquely identifies the UE Determining the secret identifier to identify to the serving PLMN of the UE, wherein the secret identifier is a secret shared between the UE and at least the home PLMN, and secret to the serving PLMN Revealing the identifier, wherein the secret identifier is set to reveal, allowing the serving PLMN to perform operations related to the UE using the secret identifier.

  The seventh aspect relates to the network node of the serving PLMN associated with the UE. The network node is a first module configured to obtain a secret identifier that uniquely identifies the UE, wherein the secret identifier is shared between the UE and at least the home PLMN of the UE and is networked by the home PLMN A first module, which is a secret shared with the node, and a second module that performs operations associated with the UE using the secret identifier.

  The eighth aspect relates to the network node of the home PLMN associated with the UE. The network node is a first module configured to determine to reveal a secret identifier that uniquely identifies the UE to the serving PLMN of the UE, wherein the secret identifier is shared between the UE and at least the home PLMN A second module configured to reveal a secret identifier to the serving PLMN, wherein the secret identifier uses the secret identifier to perform operations related to the UE And a second module.

  A ninth aspect relates to a computer program comprising instructions that, when executed by at least one processor of a network node, cause the network node to perform any one of the above methods.

  The tenth aspect relates to a carrier for containing a computer program, wherein the carrier is one of an electrical signal, an optical signal, a wireless signal, or a computer readable storage medium.

  The eleventh aspect relates to a method performed by a serving PLMN associated with a UE. The method is to receive a secret identifier that uniquely identifies the UE from the home PLMN of the UE after the UE has been successfully authenticated by the home PLMN or the serving PLMN, where the secret identifier is between the UE and the home PLMN of the UE. The steps related to receiving and performing actions associated with the UE, which are secrets previously shared between.

  The twelfth aspect relates to a method performed by a home PLMN associated with a UE. The method includes determining to reveal a secret identifier that uniquely identifies the UE to the UE's serving PLMN, wherein the secret identifier is a secret shared between the UE and the home PLMN. Revealing the secret identifier to the serving PLMN after the UE has been successfully authenticated by the home PLMN or the serving PLMN, the secret identifier allowing the serving PLMN to perform operations related to the UE; Steps involved.

  A thirteenth aspect relates to a serving PLMN associated with a UE. The serving PLMN now comprises at least two network nodes, the first network node providing a secret identifier that uniquely identifies the UE after the UE has been successfully authenticated by the home PLMN or the serving PLMN. The secret identifier is set to be received from the PLMN and the secret identifier is a secret shared between the UE and the home PLMN. The second network node is in this serving PLMN that is configured to perform operations related to the UE using the secret identifier.

  The secret identifier may be an unencrypted long-term identifier, eg, IMSI, in one or more embodiments of the aspects described above.

  The UE may be authenticated by the serving PLMN in one or more embodiments of the aspects described above. In such an embodiment, the secret identifier may be sent from the home PLMN in an update-location-answer message from the home PLMN.

  The operation may be lawful intercept or charging control associated with the UE in one or more embodiments of the aspects described above.

It is a figure which shows the communication network corresponding to the example of embodiment of this invention. FIG. 3 illustrates a method performed by a network node of a serving PLMN according to one or more embodiments. FIG. 4 illustrates a method performed by a network node of a home PLMN according to one or more embodiments. It is a figure which shows the process and signal flow which are performed in the example of embodiment of this invention. It is a figure which shows the process and signal flow which are performed in the example of embodiment of this invention. It is a figure which shows the process and signal flow which are performed in the example of embodiment of this invention. FIG. 4 is a diagram illustrating an example aspect of a network node of a serving PLMN in an example embodiment of the present invention. It is a figure which shows the aspect of the example of the network node of a home PLMN in the example of embodiment of this invention. FIG. 3 illustrates an embodiment of a serving PLMN.

  FIG. 1 shows a communication system 100 that includes a home PLMN 114 for the UE 102 and a serving PLMN 112 that provides network access and services to the UE 102. As shown in FIG. 1, the serving PLMN 112 includes a network node 106 (among a plurality of network devices not explicitly shown) that is configured to perform at least operations 108 associated with the UE 102. (There may be other UE related actions to take place, but not shown). In some examples, the secret identifier 110 of the UE 102 must be available to the network node 106 (or the serving PLMN 112 as a whole) for the operation 108 to occur. However, by default, this secret identifier 110 may be kept secret between the home PLMN 114 and the UE 102 (and potentially other devices and / or networks for which the secret identifier 110 was previously revealed). Accordingly, in at least some examples, serving PLMN 112 may be required to obtain secret identifier 110 as a prerequisite for performing operation 108. UEs are, for example, mobile phones, laptops, tablets, and embedded devices in, for example, white goods (such as refrigerators) or vehicles (such as infotainment systems in passenger cars or truck dashboards) Good. The network node 106 includes, for example, an access and mobility management function (AMF: Access and Mobility Management Function), a security anchor function (SEAF), a security context management function (SCMF), and a security context management function (SCMF). It may be SMF: Session management Function (Policy Management Function) and Policy Control Function (PCF).

  In a feature of the present invention, the network node 106 of the serving PLMN 112 may receive the UE 102 secret identifier 110 via one or more messages 101 sent by the network node 116 (or any other authorized device) of the home PLMN 114, for example. To get. By revealing this secret identifier 110 to the serving PLMN 112, the home PLMN 114 enables the network node 106 of the serving PLMN 112 to perform the operation 108. Other features regarding the operation, structure, and features of the communication system 100 shown in FIG. 1 and devices and networks within the communication system 100 are introduced and described below with reference to the remaining figures. The network node 116 includes, for example, an authentication server function (AUSF), an authentication credential repository and a processing function (ARPF), integrated data management (UDM), and unified data management (UDM). , Authorization and billing server (Authentication, Authorization and Accounting server)), structured data storage function (SDSF), and unstructured data storage function (UD) F: Unstructured Data may be a Storage Function).

  Before proceeding with a more detailed description of example embodiments, it should be noted that any disclosure referring to a specific PLMN may also be understood as referring to a network node associated with a specific PLMN. . Similarly, any disclosure that refers to a particular network node may also be understood as referring to the PLMN associated with the particular network node. For example, any feature disclosed corresponding to or performed by the home PLMN 114 may in some cases correspond to or be performed by the network node 116 of FIG. Should be understood. Similarly, any feature disclosed corresponding to or performed by serving PLMN 112 may in some cases correspond to or be performed by network node 106 of FIG. It should be understood as well. That said, any two or more features or functionalities described as being performed by the PLMN should always be understood as being associated with or performed by the exact same device within the PLMN. is not. Instead, disclosed as being performed by or associated with a specific PLMN, or as being performed by a specific PLMN network node or associated with a specific PLMN network node Any two or more features to be taken are to be understood as possibly being associated with different examples of PLMN network nodes or performed by different examples of PLMN network nodes. An example in this regard is a device comprising two network nodes of the serving PLMN, where the first network node receives the secret identifier 110 from the home PLMN and then with the knowledge of the secret identifier 110 the second network node Can perform operations related to the UE 102.

  In an example illustrating this, when the present disclosure states that “serving PLMN 112 stores the public identifier in its memory”, “network node 106 may store the public identifier in the memory of network node 106 or It should also be understood as disclosing that “the public identifier is stored in any other network node or device of the serving PLMN 112 that contains the memory”. Further, if this disclosure further states that “serving PLMN 112 compares the encrypted secret identifier with the public identifier”, then “compare public identifier with encrypted secret identifier stores public identifier above” At the same network node 106 or at any other network node (other than the specific network node whose public identifier is stored in memory) of the serving PLMN that can be understood as making such a comparison. It is to be understood that this may be disclosed as well. In other words, the home PLMN and the serving PLMN, in some cases, comprise a plurality of network nodes, and the disclosed functions or features considered to be in the PLMN or a network node of the PLMN are one or more of the plurality of network nodes. Should be understood as being able to

  FIG. 2 illustrates an exemplary method 200 performed by the network node 106 of the serving PLMN 112 to perform an operation 108 that requests knowledge (or access to the secret identifier 110) of the UE 102 secret identifier 110 served by the serving PLMN 112. Show. In some examples, the required secret identifier 110 may identify the UE itself, but may additionally or alternatively be associated with a specific user or subscriber account corresponding to the UE, where the subscriber An account can have specific authentication credentials, billing accounts or records, tokens and access policies, service parameters including QoS or subscriber level of one or more services, or each of these, It may be established and / or maintained at the home PLMN 114 of the UE 102. Thus, for the purposes of this disclosure, the term user equipment not only refers to a particular device, but can also refer to a subscriber or user with an associated home PLMN. In other words, the IMSI is typically a Universal Integrated Circuit Card (UICC) / Subscriber Identity Module (SIM) connected to a mobile equipment (ME) that forms the UE. Since the SIM card is stored in the card and can be switched to another ME, the secret identifier 110 in the form of an International Mobile Phone Subscriber Identification Number (IMSI) that uniquely identifies the UE 102 is also the home, not the UE. It can be said that the subscriber / user for the PLMN 114 is uniquely identified. Thus, uniquely identifying the UE 102 means that the IMSI is associated with certain subscribers of the home PLMN in a database included in or connected to the home PLMN. It will be appreciated by those skilled in the art that the IMSI in some systems, such as in at least some current 4G systems, is actually used to identify the UE itself as well as the subscriber. Are known.

  The words “unique” and “uniquely” will of course be understood in this context of the invention. From a philosophical point of view, certain numbers, such as binary numbers, unique within a database or within a cluster of databases associated with a home PLMN, for example, are completely different for completely different subscribers or UEs. It is probably never guaranteed that it will not be found anywhere else, such as in a different computer network or in a private list.

In addition, the secret identifier 110 may be a “long-term” identifier, which for the purposes of this application is an insignificant circumstance that requires replacement for the entire actual period of subscription. If not, this corresponds to a static set of alphanumeric characters (or corresponding digital bit values) that is established based on assumptions, understandings, and intentions that remain unchanged. The secret identifier 110 may be an IMSI and / or a mobile subscriber identification number (MSIN), a mobile network code (MNC), and / or a mobile country code (MCC). It may be a long term identifier such as but not limited to one or more of the values that make up the IMSI. On the other hand, the secret identifier 110 may be a long-term identifier such as an International Mobile Equipment Identity (IMEI), an Internet Protocol (IP) address, or the like, or a globally unique temporary identifier (GUTI). : Globally Unique Temporary Identity (C-RNTI) or between a limited set of devices that can be kept private or can be made private or otherwise private Such as any similar known identifier that can be kept secret It can include a period identifier. For IP addresses as long-term identifiers, static IP addresses are clearly such examples, but depending on the use case, the IP address assigned by the dynamic host configuration protocol server is a long-term identifier Good. In other situations, dynamically assigned IP addresses are considered short-term identifiers. Long-term identifiers as understood by those skilled in the art need not necessarily be permanent identifiers. Persistent / long-term identifier is, occasionally, a subscriber persistent identifier is in the discussion of ^{that:: (5 th Generation 5G)} (SUPI Subscriber Permanent Identifier) and the fifth generation is called.

  Returning to the method 200, at block 202, the network node 106 obtains a secret identifier 110 that uniquely identifies the UE. As described above, the secret identifier 110 is a secret shared between the UE and at least the UE's home PLMN and sent by the home PLMN to the network node 106 (ie, by a limited individual set of networks and devices). Kept private.)

  Further, at block 204 of the method 200, the network node 106 performs an operation 108 associated with the UE 102 and performs the operation 108 using the obtained secret identifier 110. Not all operations of UE related operations performed by the network node or serving PLMN require that the secret identifier 110 be known, but some operations (including some required by law) Requests (or possibly uses) a secret identifier 110 prior to execution. For example, operation 108 may be an operation related to a lawful intercept of the UE. Thus, the serving PLMN that knows the UE's 102 secret identifier 110 can support lawful intercept without the assistance or visibility of the home PLMN. In other examples, operation 108 recognizes one or more UEs that have been previously served by a particular PLMN, and one or more incentives for these UEs to connect to the serving PLMN. (Or incentives to remain connected to the serving PLMN if an optional reselection or handover is imminent), etc. may be of economic or marketing nature, such as . In yet another example, the operation may be certain UE-specific operational service parameters or guarantees, such as setting or modifying one or more quality of service parameters associated with the UE (or user / subscriber). May be related to The operation, on the other hand, may relate to policy and / or charging control associated with the UE 102. These examples provide a limited depiction of some examples of operations that can utilize the UE or network subscriber's secret identifier 110, but obtaining the secret identifier by the serving PLMN or the secret identifier by the home PLMN. The revealing features may be extended to any operation or process that can be applied at the granularity of a single UE.

  In addition to the features of blocks 202 and 204, the method 200 can include additional or alternative aspects not explicitly shown in FIG. For example, the network node 106 of the serving PLMN 112 may receive a public identifier (ie, a non-secret or unencrypted identifier associated with the UE) and / or a pseudonym corresponding to the UE from the UE. After receiving the public identifier and / or pseudonym, the network node 106 may forward the public identifier and / or pseudonym to the home PLMN 114 of the UE. The public identifier and / or pseudonym sent to the home PLMN can serve as an implicit request for the home PLMN 114 to reveal the secret identifier 110 to the serving PLMN 112 (eg, to the network node 106), and the network node 106 An explicit request for the secret identifier 110 may be generated and sent to the home PLMN 114 along with the forwarded public identifier and / or pseudonym. Accordingly, obtaining the secret identifier at block 202 may be in response to forwarding a public identifier and / or pseudonym corresponding to the UE 102.

  As discussed further below, the network node of the serving PLMN and / or home PLMN 114 reveals the secret identifier 110 in response to a malicious request by a third party not authorized to obtain the secret identifier 110. It can be authenticated to help ensure that it is not. Thus, in some examples, the network node 106 can receive the secret identifier 110 only after the UE has been successfully authenticated by the home PLMN (and / or serving PLMN, see below). Thus, if authentication is unsuccessful at the home PLMN, the home PLMN 114 can notify the serving PLMN that the authentication has failed (eg, via a failure message) and simply reveal the secret identifier to the serving PLMN. Rather, this can be served as an implicit indication of authentication failure in some examples. However, if the private identifier 101 is sent by the home PLMN to the serving PLMN (eg, in some examples, after authenticating the home PLMN UE or after confirming the authentication of the serving PLMN), this will be served from the home PLMN 114. The PLMN 112 may be communicated via an Extensible Authentication Protocol (EAP) message.

  As introduced above, authentication of UE 102 may be performed by network node 106 of serving PLMN 112. In order to perform this authentication, the network node 106 determines the public identifier and / or pseudonym of the UE 102 (for identification of the UE targeted for authentication) and the rules and / or rules required to perform the authentication procedure at the network node 106. Alternatively, authentication information containing processing can be requested. Thus, the method 200, in some examples, obtains the public identifier and / or pseudonym of the UE 102 from the UE itself (or from another device that holds this information) and from the home PLMN 114 (eg, from the network node 116). Receiving authentication information can be included. In one aspect, the authentication information is formed in an evolved packet system authentication and key agreement (EPS-AKA) format and via an authentication vector contained in one or more communication messages. Communicated by the home PLMN to the serving PLMN in one or more messages communicated.

  Once the public identifier and / or pseudonym and authentication information are obtained / received by the network node 106 or by the serving PLMN 112, the network node 106 generally determines whether the UE is authenticated (ie, the UE 102 is truly homed). Authentication operation to determine whether the subscriber is a PLMN 114 subscriber or otherwise allowed the home PLMN 114 to reveal the secret identifier 110 to the serving PLMN 112). If the authentication operation is successful (eg, if the operation determines that the UE 102 (or request from the UE 102) is authoritative (ie, the UE 102 is a verified subscriber to the home PLMN 114), the network node 106 In order to notify the home PLMN that the UE has been successfully authenticated by the serving PLMN, an authentication success message can be communicated to the home PLMN. Further, when received and processed at the home PLMN 114, the authentication success message can trigger the home PLMN to send the secret identifier 110 to the serving PLMN.

  In the above example, the serving PLMN 112 receives the secret identifier 110 from the home PLMN after the UE 102 is authenticated by the serving PLMN or by the home PLMN. In these embodiments, the network node 106 generates an authentication information response (AIA) generated after successful authentication of the UE 102 and sent from the home PLMN (eg, according to Diameter authentication, authorization, and accounting (AAA) protocol). : A secret identifier may be received from the home PLMN via an authentication-information-answer) message. Authenticating the home PLMN before sending the secret identifier 110 to the serving PLMN can provide an additional level of security to the method 200, but this is not a requirement of all embodiments. Thus, in some embodiments, the serving PLMN (eg, via network node 106) may receive the secret identifier 110 from the home PLMN 114 before the UE 102 is authenticated by the serving PLMN 112 or the home PLMN 112. In these alternative embodiments, the secret identifier was generated and sent from the home PLMN (eg, Diameter authentication, authorization, and billing management (e.g. May be sent via an update-location-answer (ULA) message (according to the AAA) protocol).

  In a further aspect of some embodiments of the method 200, serving as an additional security measure to avoid unauthorized scattering of the secret identifier 110 and to check that the secret identifier sent by the home PLMN is authentic. The PLMN 112 (eg, via the network node 106) can verify that the public identifier and the acquired secret identifier 101 correspond to the same UE. Although this verification procedure is primarily described by the present disclosure as being performed by network node 106 (or generally by serving PLMN 112), this is not a limiting feature. Alternatively, the verification may alternatively or additionally be performed in the home PLMN 114 and / or by another device or network not shown in FIG. 1 (eg, a dedicated security system or an AAA service, for example) Good.

  However, when performed at the serving PLMN 112, the verification procedure can extend the above group of features that may be performed by the network node 106 when performing the method 200. For example, using an asymmetric encryption scheme based on the public key of the home PLMN, where the public key is known to both the UE and the home PLMN, in one embodiment of verification is as follows. The verification includes that the network node 106 obtains encryption information for encrypting the secret identifier 110 from the home PLMN 114, for example. This encryption information includes the public key of the home PLMN 114 that can be used to encrypt the secret identifier 110 into the UE's public encrypted identifier. As described above, this public identifier may be initially obtained from the UE 102 by the network node 106 (or generally the serving PLMN 112). That is, the UE can generate the public identifier in advance by encrypting the IMSI of the UE with the public key of the home PLMN, and this public identifier (that is, the IMSI encrypted with the public key of the home PLMN) can be generated in the network. Can be sent to node 106. Once acquired by the network node 106, the encryption information is utilized by the network node 106 to generate an encrypted secret identifier by encrypting the acquired secret identifier 110 with the home PLMN's public key. Can be done. The network node 106 can proceed by comparing the resulting encrypted secret identifier with the public identifier previously received (and stored) from the UE. This comparison may result in a determination by the network node 106 that the encrypted secret identifier matches the public identifier. Such a match can indicate that the verification was successful. In one aspect, a measure defining a “match” may be preset by the user or by the home or serving PLMN. These measures for determining the existence of a match require exact bit-level matches, or specify the percentage, ratio, or raw number of matching bits that meet a given verification threshold measure By doing so, it may be adjusted to a desired level of accuracy. Regardless of the particular implemented measure for defining the success of the verification, if the measure is met, the network node 106 is based on determining that the encrypted secret identifier matches the public identifier, It can be verified that the public identifier and the secret identifier correspond to the same UE. As a result, requests from rogue UEs with public identifiers that do not “match” the revealed secret identifier 110 are effectively discovered and corrected to limit the distribution of the secret identifier 110 to unauthorized parties. In other words, actions such as lawful intercept become more reliable by determining that the UE and home PLMN are not deceiving the serving PLMN.

  In a first alternative embodiment of verification, an Elliptic Curve Integrated Encryption Scheme (ECIES) is used. Similar to the embodiment described above, the public key of the home PLMN is known to the UE 102 and the home PLMN 114, where the UE 102 has its own pair of public key and private key (ie, the public key and private key of the UE 102). Also have a pair). The UE 102 generates a first symmetric encryption key based on the private key of the UE 102 itself and the public key of the home PLMN 114. The public identifier is then generated by the UE 102 by encrypting the secret identifier (eg, IMSI) with the first symmetric encryption key. The public identifier and public key of the UE 102 are sent to the serving PLMN 112, which receives the public identifier and public key and forwards the public identifier and public key to the home PLMN 114 as well. Next, in addition to sending a secret identifier to the serving PLMN, the home PLMN uses the home PLMN private key and the received public key of the UE 102 to form a second symmetric encryption key generated by the home PLMN. To create and send encrypted information. The serving PLMN 112 can now verify the secret identifier received from the home PLMN 114 with a second symmetric encryption key and then compare the encrypted secret identifier with the public identifier. Matching is enabled by the fact that the first symmetric key and the second symmetric key with the cryptographic properties provided by a key exchange algorithm such as Diffie-Hellman are the same.

  The second alternative embodiment of verification is similar to the first alternative embodiment, but instead of encrypting the received secret identifier with the second symmetric encryption key, the serving PLMN sends the public identifier to the second And decrypting the decrypted public identifier with the secret identifier. FIG. 3 shows an example method 300 performed by the network node 116 of the home PLMN 114 to reveal the secret identifier 110 of the UE 102 served by the serving PLMN 112 to a completely different serving PLMN 112. According to example method 300, at block 302, the network node 116 determines to reveal a secret identifier 110 that uniquely identifies the UE 102 to the serving PLMN 112 of the UE 102. As described above, the secret identifier 110 is a secret shared between the UE 102 and at least the home PLMN 114. Further, example method 300 includes network node 116 revealing a secret identifier to a serving PLMN. In some non-limiting examples, revealing the secret identifier to the serving PLMN can include sending an EAP message that includes the secret identifier 110 to the serving PLMN. Regardless of the particular message format used to send the secret identifier 110 to the serving PLMN 112, the serving PLMN 112 may perform the operation 108 associated with the UE 102 using the revealed secret identifier 110.

  Although not explicitly shown in FIG. 3, method 300 may optionally include additional aspects, some of which have been introduced above with respect to method 200 performed on the serving PLMN 112 side. . For example, the network node 116 may perform authentication of the UE 102 as an optional further aspect of the method 300. Once authentication is performed at the home PLMN, it is guaranteed that the UE is at the serving PLMN. In performing this authentication, the network node 116 can receive, for example, the public identifier and / or pseudonym of the UE 102 (eg, the home PLMN 114 reveals the secret identifier 110 and / or verifies the UE 102). May be forwarded by the serving PLMN to the home PLMN 114 (in an explicit or implicit request to) and may be stored in the home PLMN, eg, from a previous authentication. When performing the authentication procedure, the network node 116 may determine that the UE 102 has been successfully authenticated based on the public identifier and / or the pseudonym. In some implementations, the determination by the network node 116 to reveal the secret identifier to the serving PLMN 112 requires successful authentication of the UE 102. However, in some examples, the success of such pre-authentication reveals the secret identifier 110 to a particular serving PLMN 112, despite the associated increased risk of spreading the secret identifier 110 to unauthorized parties. Is not necessary.

  In certain embodiments in which the serving PLMN performs an authentication procedure, the home PLMN 114 can communicate authentication information to the serving PLMN 112, and the authentication information is transmitted by the serving PLMN 112 (eg, at the network node 106) to perform independent authentication of the UE 102. ) Used. The authentication information may be formed in EPS-AKA format and may be communicated to the serving PLMN 112 via an authentication vector. Further, in some examples, the network node 116 may receive an authentication success message from the serving PLMN 112 that notifies the home PLMN 114 that the UE 102 has been successfully authenticated by the serving PLMN 112. Receiving the authentication success message can trigger the home PLMN 114 to reveal the secret identifier to the serving PLMN 112 in some examples. Revealing the secret identifier 110 can include the network node 116 sending the secret identifier 110 to the serving PLMN via a ULA message. However, in other implementations, prior UE authentication is not required, so network node 116 may in some cases (eg, by serving or home PLMN 114) before the UE is authenticated. By sending the secret identifier 110 to the serving PLMN 112, the secret identifier 110 can be revealed. In these examples, the network node 116 may send the secret identifier 110 to the serving PLMN 112 after the UE 102 is authenticated by the serving PLMN (eg, via an AIA message). Once authenticated at the serving PLMN, it is probably not guaranteed that the UE is in the serving PLMN, but the serving PLMN may still be liable.

  4, 5, and 6 present different examples of processing and signal flow for different examples of embodiments for revealing the UE 102 secret identifier 110 to the serving PLMN 112 of the UE 102. The example embodiments shown in FIGS. 4, 5 and 6 are in no way intended to be an exclusive set of all possible embodiments. Instead, these illustrated example embodiments represent a subset of possible embodiments contemplated by this disclosure.

  Looking at these illustrated examples of embodiments, FIG. 4 shows that authentication of the UE 102 is required before revealing the secret identifier 110 to the serving PLMN 112 and is public (ie, a pseudonym of the UE 102 or an encrypted long-term identifier). FIG. 6 shows an example implementation where authentication is performed at the home PLMN using an identifier that is not secret. As shown in FIG. 4, the serving PLMN can begin processing by determining the need to perform an action associated with the UE, where the UE's private identifier is a prerequisite for execution. Based on this determination, serving PLMN 112 sends a request to UE 102 for the public identifier of the UE (in some examples, if not already known by the serving PLMN). In response to the request, the UE 102 sends this public identifier to the serving PLMN 112, and upon receiving the public identifier, the serving PLMN 112 forwards the public identifier to the home PLMN 114. By transferring the public identifier to the home PLMN 114, the serving PLMN 112 can implicitly indicate to the home PLMN 114 that the serving PLMN 112 requests that the home PLMN 114 reveal the secret identifier 110 of the UE 112. In the alternative, the serving PLMN 112 can send a separate explicit request to the home PLMN 114 for the home PLMN 114 to reveal the secret identifier 110 of the UE 112.

  In the example of the embodiment of FIG. 4, after receiving the public identifier, the home PLMN 114 performs an authentication operation and determines that the authentication is successful. This successful authentication indicates that the UE 102 is actually in the serving PLMN 112 (eg, currently being served by the serving PLMN 112). Based on this successful authentication, the home PLMN 114 determines to reveal the secret identifier of the UE 102 to the serving PLMN 112 and proceeds to reveal the secret identifier to the serving PLMN 112. This can be done by sending the secret identifier in a dedicated message or piggybacking the secret identifier data on a scheduled or queued (and / or future) message that will be sent to the serving PLMN. May be carried out. After receiving the secret identifier, the serving PLMN 112 performs operations related to the UE.

  FIG. 5 shows another example of an implementation in which the UE verification procedure is performed by the serving PLMN 112. Again, in the example embodiment of FIG. 5, authentication of the UE 102 is required before revealing the secret identifier 110 to the serving PLMN 112, and authentication is performed at the home PLMN using the public identifier. In order to ensure readability, the initial steps in determining the need to perform UE-related operations, requesting public identifiers from the UE, and the serving PLMN performing the operations are not shown in FIG. Is sometimes included in this example of an implementation.

  As shown, the requested public identifier (eg, the IMSI of UE 102 encrypted with the public key of home PLMN 114) is returned by UE 102, and the serving PLMN is in memory (eg, the memory of one or more network nodes). ) Store the public identifier and then forward the public identifier to the home PLMN 114, which triggers the home PLMN 114 again to authenticate. When the authentication is successful, the home PLMN 114 determines to reveal the secret identifier to the serving PLMN 112. Further, because the encryption information is private (ie, a secret that can only be maintained by the home PLMN 114 and any other device that allows the home PLMN 114 to access the encryption information), the home PLMN 114 is encrypted to the serving PLMN 112 along with a secret identifier. Information can be sent. The encryption information can include a public key associated with the home PLMN 114. In an alternative implementation, the encryption information may be sent before (or after) the home PLMN 114 sends the secret identifier, and other examples where the encryption information was previously obtained by the serving PLMN 112 during separate processing iterations. Then it is not sent during subsequent processing iterations.

  Upon receiving the secret identifier and encryption information from the home PLMN 114, the serving PLMN 112 performs a verification operation, which helps to ensure that the public identifier does not correspond to a UE whose revealed secret identifier is different from the corresponding UE 102. there is a possibility. As explained with respect to the earlier figure, this verification can involve several steps, which use encryption information to generate an encrypted version of the secret identifier. May contain. Once the encrypted secret identifier is generated, the serving PLMN can compare it with the stored public identifier. If the comparison reveals that the public identifier and the encrypted secret identifier match (e.g., meet certain static or changeable measures that define the match), a single that is an authenticated subscriber of the home PLMN 114 The verification procedure may be successful in determining that the public identifier and the secret identifier correspond to the UE. Again, although not explicitly shown in FIG. 5, the serving PLMN can perform UE related operations after verification.

  FIG. 6 shows another example of an implementation in which the UE authentication procedure is performed by the serving PLMN 112. Similarly, the serving PLMN 112 of FIG. 6 performs the UE verification procedure outlined above for FIG. Unlike the embodiment that proceeds with FIGS. 4 and 5, in the example embodiment of FIG. 6, authentication of UE 102 before revealing secret identifier 110 to serving PLMN 112 is optional. Thus, before any authentication of the UE is performed (here, before authentication with the serving PLMN 112), the home PLMN 114 can reveal the secret identifier to the serving PLMN 112. On the other hand, the home PLMN 114 may be configured to request confirmation from the serving PLMN 112 that the UE has been successfully authenticated before deciding to send a secret identifier to the serving PLMN 112. Both of these options are shown in the processing and signal flow of FIG. 6, and the signal associated with these options is optionally selected by a dashed signal line (since “other” options can be implemented in any case). Indicated.

  Again, to ensure readability, the initial steps of determining the need to perform UE-related operations, requesting a public identifier from the UE, and the serving PLMN performing the operations are not shown in FIG. In some cases, included in this example of an implementation.

  When the requested public identifier is sent by the UE 102 to the serving PLMN 112, as shown at the top of the processing and signaling flow of FIG. 6, the serving PLMN 112 may be in memory (eg, memory of one or more network nodes). ) Store the public identifier, and then forward the public identifier to the home PLMN 114. However, rather than triggering authentication by the home PLMN 114 as in FIGS. 4 and 5, receiving a public identifier triggers the home PLMN 114 to send authentication information required for UE authentication to the serving PLMN 112. Further, as described above, the home PLMN 114 may in some cases (in one option where authentication or confirmation of the serving PLMN 112 is not required by the home PLMN 114 before revealing the secret identifier) before the authentication is performed by the serving PLMN 112. An identifier can be sent. This is represented by the uppermost broken signal line in FIG.

  Upon receiving the authentication information, the serving PLMN 112 can perform the UE authentication procedure. If the authentication fails, the process may be terminated and an indication of such failure may be sent to the home PLMN 114 in some cases (not shown). However, if authentication is successful and the home PLMN 114 requests confirmation of successful UE authentication before revealing the secret identifier, the serving PLMN generates an authentication confirmation message and sends it to the home PLMN 114. In response to receiving the authentication confirmation message, the home PLMN 114 determines to reveal the secret identifier to the serving PLMN 112.

  Further, as previously shown with respect to FIG. 5, the home PLMN 114 can send encryption information to the serving PLMN 112 along with a secret identifier, which can be sent to a single UE that is an authenticated subscriber of the home PLMN 114. And causing the serving PLMN 112 to perform a verification operation step of determining that the public identifier and the secret identifier correspond to each other. Again, although not explicitly shown in FIG. 5, the serving PLMN can perform UE related operations after verification.

  FIG. 7 illustrates further details of the example network node 106 of the serving PLMN 112 according to one or more embodiments. The network node 106 may perform, for example, a functional means (sometimes referred to herein as a module or component) or to perform a process that performs certain aspects described above with respect to FIGS. 2 and 4-6. Set through the unit. The network node 106 in some embodiments may be, for example, an acquisition means or unit 750 for acquiring a UE's secret identifier, an action performing means for performing one or more operations that request a specific UE's secret identifier, or Unit 760, an authentication means or unit 770 for performing UE authentication processing, and / or a verification means or unit 780 for performing a verification procedure associated with a particular UE. These and potentially other functional means or units (not shown) may be used in connection with the aspects of method 200 presented in FIG. 2 and / or as related to serving PLMN 112 and / or network node 106 as shown in FIG. The features described in FIG. 6 are performed together.

  In at least some embodiments, the network node 106 may implement the features described in connection with FIGS. 4-6, such as by implementing the processing of the method 200 of FIG. 2 and the functional means or units described above. One or more processing circuits 720 are configured to perform certain related processing. In one embodiment, for example, the processing circuit 720 implements functional means or units as individual circuits. Thus, the functional unit may be implemented with pure hardware such as an ASIC or FPGA. In another embodiment, the circuitry may comprise one or more microprocessors in this regard, with dedicated circuitry that performs certain functional processing, and / or a computer program product in the form of memory 730. In embodiments employing memory 730, memory 730 may be one or several types of memory, such as read-only memory (ROM), random access memory, cache memory, flash memory devices, optical storage devices, etc. The memory 730 stores program code that, when executed by one or more microprocessors, performs the techniques described herein.

  In one or more embodiments, the network node 106 also includes one or more communication interfaces 710. One or more communication interfaces 710 include various components (eg, antenna 740) for transmitting and receiving data and control signals. More specifically, interface 710 is typically configured to use known signal processing techniques according to one or more standards (eg, wirelessly via one or more antennas 740). ) Includes a transmitter that is configured to be a signal premise for transmission. Similarly, the interface includes a receiver configured to convert received signals (eg, via antenna 740) into digital samples for processing by one or more processing circuits. In one aspect, the acquisition module or unit 750 may comprise a receiver and may be in communication with the receiver. The transmitter and / or receiver may also include one or more antennas 740.

  One skilled in the art will also appreciate that the embodiments herein further include a corresponding computer program. The computer program 790 includes instructions that, when executed on at least one processor of the network node 106, cause the network node 106 to perform any of the individual processes described above. Further, the processing or functionality of the network node 106 may be considered to be performed by a single instance or device, and together a given serving PLMN so that all instances of the device perform all disclosed functionality. May be split across multiple instances of network node 106 that may exist. Further, network node 106 may be any known type of device associated with a PLMN that is known to perform the processing or function of a given disclosure. Examples of such network nodes 106 include eNBs, mobility management entities (MMEs), gateways, servers, and the like. In other words, the network node 106 may be a node in the core network part or access network part of the serving PLMN.

  FIG. 8 illustrates further details of an example network node 116 of the home PLMN 114, according to one or more embodiments. The network node 116 may, for example, be a functional means (sometimes referred to herein as a module or component) or to perform a process that performs certain aspects described above with respect to FIGS. 2 and 4-6. Set through the unit. The network node 116 may, in some embodiments, for example, determine means or unit 850 to determine whether to reveal the secret identifier of the UE, reveal means or unit 860 to reveal the secret identifier, and authenticate the UE. An authentication means or unit 870 for performing. These and potentially other functional means or units (not shown), such as those associated with aspects of method 300 presented in FIG. 3, and / or home PLMN 114 and / or network node 116, FIG. ~ Perform the features described in Fig. 6 together.

  In at least some embodiments, the network node 116 may implement the home PLMN 114 and / or network node 116 of FIGS. 4-6, such as by implementing the processing of the method 200 of FIG. 3 and the functional means or units described above. One or more processing circuits 820 configured to perform certain related processing of the features described in connection with In one embodiment, for example, the processing circuit 820 implements functional means or units as individual circuits. Thus, the functional unit may be implemented with pure hardware such as an ASIC or FPGA. In another embodiment, the circuit may comprise one or more microprocessors in this regard, with dedicated circuitry that performs certain functional processing, and / or a computer program product in the form of memory 830. In embodiments using memory 830, memory 830 may comprise one or several types of memory, such as read only memory (ROM), random access memory, cache memory, flash memory device, optical storage device, etc. Memory 830 stores program code that, when executed by one or more microprocessors, performs the techniques described herein.

  In one or more embodiments, the network node 116 also includes one or more communication interfaces 810. One or more communication interfaces 810 include various components (eg, antenna 840) for transmitting and receiving data and control signals. More specifically, the interface 810 is typically configured to use known signal processing techniques according to one or more standards (eg, wirelessly via one or more antennas 840). ) Includes a transmitter that is configured to be a signal premise for transmission. In one aspect, the reveal module or unit 860 may comprise a transmitter and may be in communication with the transmitter. Similarly, the interface includes a receiver configured to convert received signals (eg, via antenna 840) into digital samples for processing by one or more processing circuits. The transmitter and / or receiver may also include one or more antennas 840.

  One skilled in the art will also appreciate that the embodiments herein further include a corresponding computer program. The computer program 880 includes instructions that, when executed on at least one processor of the network node 116, cause the network node 116 to perform any of the individual processes described above. Further, the processing or functionality of the network node 116 may be considered to be performed by a single instance or device, and together a given home PLMN so that all instances of the device perform all disclosed functionality. May be split across multiple instances of network node 116 that may exist. Further, network node 116 may be any known associated with a PLMN that provides wireless communication services and / or network access to one or more UEs that are known to perform the processing or functions of a given disclosure. This type of device may be used. Examples of such network nodes 116 include eNBs, mobility management entities (MMEs), gateways, servers, and the like. In other words, the network node 116 may be a node in the core network part or access network part of the home PLMN.

  Embodiments further include a carrier for storing such a computer program. The carrier can comprise one of an electronic signal, an optical signal, a wireless signal, or a computer-readable storage medium (such as memories 730 and 830, respectively). The computer program in this regard can include one or more code modules or code parts corresponding to the means or units described above.

  As described above in conjunction with FIG. 1, the various nodes of the serving PLMN 112 may perform the steps considered to be in the serving PLMN or network node 106. FIG. 9 shows an embodiment of a serving PLMN included in this concept. The serving PLMN now comprises at least two network nodes. The first network node 900 is similar to the network node 106 that is configured to receive the secret identifier 110 from the home PLMN after the UE 102 has been successfully authenticated. The first network node can then initiate the second network node 902 to perform operation 108 using the secret identifier. When the serving PLMN authenticates, the third network node 906 of the serving PLMN may be configured to authenticate the UE 102 and communicate with the home PLMN, i.e. notify the home PLMN of successful authentication, Or specifically request the home PLMN to send the secret identifier 110 to the serving PLMN / first network node 900.

  Naturally, this embodiment may be performed in other ways than those specifically shown herein without departing from the essential features of the present invention. The embodiments are to be considered in all respects as illustrative and not restrictive, and all modifications that come within the spirit and equivalent scope of the appended claims are embraced therein. Is intended.

Claims (51)

A method performed by a network node of a serving terrestrial public mobile communication network (PLMN) associated with a user equipment (UE) comprising:
Obtaining a secret identifier that uniquely identifies the UE, wherein the secret identifier is shared between the UE and at least the home PLMN of the UE and shared by the home PLMN with the network node To get,
Using the secret identifier to perform an operation associated with the UE. Receiving from the UE a public identifier and / or pseudonym corresponding to the UE;
Forwarding the public identifier and / or pseudonym to the home PLMN,
Obtaining the secret identifier includes receiving the secret identifier from the home PLMN in response to the forwarding;
The method of claim 1.   The method of claim 2, wherein the secret identifier is received based on a successful authentication of the UE by the home PLMN.   4. The method of any one of claims 1 to 3, wherein obtaining the secret identifier comprises receiving an extended authentication protocol (EAP) message from the home PLMN. Receiving authentication information from the home PLMN, wherein the serving PLMN can authenticate the UE according to the authentication information;
3. The method according to claim 1 or 2, further comprising using the authentication information to determine by the serving PLMN that the UE is successfully authenticated.   6. The method of claim 5, wherein the authentication information is formed in an evolved packet system authentication and key agreement (EPS-AKA) format and communicated to the serving PLMN via an authentication vector.   Communicating an authentication success message to the home PLMN to notify the home PLMN that the UE has been successfully authenticated by the serving PLMN, wherein the authentication success message is sent to the serving PLMN; 7. The method of claim 5 or 6, further comprising triggering the home PLMN to send a secret identifier.   The method according to claim 5 or 6, wherein obtaining the secret identifier comprises receiving the secret identifier from the home PLMN before the UE is authenticated by the serving PLMN.   9. The method of claim 8, wherein receiving the secret identifier from the home PLMN includes receiving an authentication information response message from the home PLMN.   The method according to any one of claims 5 to 7, wherein obtaining the secret identifier comprises receiving the secret identifier from the home PLMN after the UE has been authenticated by the serving PLMN.   The method of claim 10, wherein receiving the secret identifier from the home PLMN includes receiving a location update response message from the home PLMN.   The method according to any one of claims 2 to 11, further comprising verifying that the public identifier and the secret identifier correspond to the UE. Verifying said
Obtaining encryption information for encrypting the secret identifier;
Generating an encrypted secret identifier by encrypting the secret identifier using the encryption information;
Based on the comparison, determining that the encrypted secret identifier and the public identifier match; and
The method of claim 12, comprising verifying that the public identifier and the secret identifier correspond to the UE based on determining that the encrypted secret identifier matches the public identifier. the method of.   The method of claim 13, wherein the encryption information includes a public key of the home PLMN. A method performed by a network node of a home terrestrial public mobile communication network (PLMN) associated with a user equipment (UE) comprising:
Determining to disclose a secret identifier uniquely identifying the UE to the serving PLMN of the UE, wherein the secret identifier is a secret shared between the UE and at least the home PLMN. To do
Revealing the secret identifier to the serving PLMN, the secret identifier enabling the serving PLMN to perform an operation associated with the UE using the secret identifier. Receiving the public identifier and / or pseudonym of the UE forwarded to the home PLMN by the serving PLMN;
Successfully authenticating the UE based at least on the public identifier and / or pseudonym;
The decision to reveal the secret identifier to the serving PLMN requires authentication of the UE's success;
The method of claim 15.   The method according to claim 15 or 16, wherein revealing the secret identifier to the serving PLMN comprises sending an extended authentication protocol (EAP) message to the serving PLMN.   The method of claim 15, further comprising communicating authentication information to the serving PLMN, wherein the authentication information allows the serving PLMN to authenticate the UE.   The method of claim 18, wherein the authentication information is formed in an evolved packet system authentication and key agreement (EPS-AKA) format and communicated to the serving PLMN via an authentication vector. Further comprising receiving an authentication success message from the serving PLMN notifying the home PLMN that the UE has been successfully authenticated by the serving PLMN;
20. A method according to claim 18 or 19, wherein receiving the authentication success message triggers the home PLMN to reveal the secret identifier to the serving PLMN.   20. A method according to claim 18 or 19, wherein revealing the secret identifier to the serving PLMN comprises sending the secret identifier to the serving PLMN before the UE is authenticated by the serving PLMN.   The method of claim 21, wherein sending the secret identifier to the serving PLMN comprises sending an authentication information response message.   21. Revealing the secret identifier to the serving PLMN includes sending the secret identifier to the serving PLMN after the UE has been authenticated by the serving PLMN. Method.   24. The method of claim 23, wherein sending the secret identifier to the serving PLMN includes sending a location update response message.   25. A method according to any one of claims 1 to 24, wherein the operation is associated with a lawful intercept of the UE.   25. Any of the preceding claims, wherein the operation is associated with providing one or more incentives to one or more UEs to connect to or remain connected to the serving PLMN. The method according to claim 1.   25. A method according to any one of claims 1 to 24, wherein the operation is associated with one or more quality of service parameters associated with the UE.   25. A method according to any one of claims 1 to 24, wherein the operation is associated with policy and / or charging control associated with the UE.   29. A method according to any one of claims 1 to 28, wherein the secret identifier is an unencrypted long term identifier.   18. A method according to any one of claims 2 to 4, 16, or 17, wherein the public identifier comprises an encrypted long-term identifier that is encrypted using the home PLMN's public encryption key. A network node of a serving terrestrial public mobile communication network (PLMN) associated with a user equipment (UE),
Obtaining a secret identifier that uniquely identifies the UE, wherein the secret identifier is shared between the UE and at least the home PLMN of the UE and shared by the home PLMN with the network node To get,
A network node configured to perform an operation related to the UE using the secret identifier.   32. A network node according to claim 31, further configured to perform the aspect according to any one of claims 2 to 14 and 25 to 30. A network node of a home terrestrial public mobile communication network (PLMN) associated with a user equipment (UE),
Determining to disclose a secret identifier uniquely identifying the UE to the serving PLMN of the UE, wherein the secret identifier is a secret shared between the UE and at least the home PLMN. To do
Revealing the secret identifier to the serving PLMN, wherein the secret identifier is configured to allow the serving PLMN to perform operations related to the UE using the secret identifier. Network node.   34. A network node according to claim 33, further configured to perform the aspect according to one of claims 15 to 30. A network node of a serving terrestrial public mobile communication network (PLMN) associated with a user equipment (UE),
A processor and a memory, wherein the memory contains instructions executable by the processor, and the instructions cause the network node to
Obtaining a secret identifier that uniquely identifies the UE, wherein the secret identifier is shared between the UE and at least the home PLMN of the UE and shared by the home PLMN with the network node A network node configured to perform obtaining and performing an operation associated with the UE using the secret identifier.   31. The memory contains instructions executable by the processor, and the instructions further configure the network node to perform the aspect of any one of claims 2-14 and 25-30. 36. The network node according to claim 35. A network node of a home terrestrial public mobile communication network (PLMN) associated with a user equipment (UE),
A processor and a memory, wherein the memory contains instructions executable by the processor, and the instructions cause the network node to
Determining to disclose a secret identifier uniquely identifying the UE to the serving PLMN of the UE, wherein the secret identifier is a secret shared between the UE and at least the home PLMN. And revealing the secret identifier to the serving PLMN, wherein the secret identifier uses the secret identifier to allow the serving PLMN to perform operations related to the UE. A network node that is configured as follows.   38. The memory of claim 37, wherein the instructions contain instructions executable by the processor, the instructions further configuring the network node to perform the aspect of any one of claims 15-30. The described network node. A network node of a serving terrestrial public mobile communication network (PLMN) associated with a user equipment (UE),
A first module configured to obtain a secret identifier that uniquely identifies the UE, wherein the secret identifier is shared between the UE and at least a home PLMN of the UE; A first module that is a secret shared with the network node;
A network node comprising a second module for performing an operation related to the UE using the secret identifier.   40. The network node according to claim 39, further comprising one or more modules configured to perform the aspect according to any one of claims 2 to 14 and 25 to 30. A network node of a home terrestrial public mobile communication network (PLMN) associated with a user equipment (UE),
A first module configured to determine to disclose a secret identifier that uniquely identifies the UE to a serving PLMN of the UE, wherein the secret identifier is between the UE and at least the home PLMN; A first module that is a shared secret;
A second module configured to reveal the secret identifier to the serving PLMN, the secret identifier enabling the serving PLMN to perform operations related to the UE using the secret identifier; A network node comprising a second module.   42. The network node according to claim 41, further comprising one or more modules configured to perform the aspect according to any one of claims 15-30.   31. A computer program comprising instructions that, when executed by at least one processor of a network node, cause the network node to perform the method according to any one of claims 1 to 30.   44. A carrier for containing the computer program of claim 43, wherein the carrier is one of an electrical signal, an optical signal, a wireless signal, or a computer readable storage medium. A method performed by a serving terrestrial public mobile communication network (PLMN) associated with a user equipment (UE) comprising:
Receiving a secret identifier uniquely identifying the UE from the home PLMN of the UE after the UE is successfully authenticated by a home PLMN or the serving PLMN, wherein the secret identifier is the UE and the Receiving the secret previously shared with the home PLMN of the UE;
Performing an operation associated with the UE. A method performed by a home terrestrial public mobile communication network (PLMN) associated with a user equipment (UE) comprising:
Determining to disclose a secret identifier uniquely identifying the UE to the serving PLMN of the UE, wherein the secret identifier is a secret shared between the UE and the home PLMN And
Revealing the secret identifier to the serving PLMN after the UE is successfully authenticated by the home PLMN or the serving PLMN, the secret identifier allowing the serving PLMN to perform an operation related to the UE. Including, revealing.   47. A method according to claim 45 or 46, wherein the secret identifier is an unencrypted long-term identifier, eg IMSI.   48. The method according to any one of claims 45 to 47, wherein the UE is authenticated by the serving PLMN.   49. The method of claim 48, wherein the secret identifier from the home PLMN is sent in a location update response message from the home PLMN.   50. A method according to any one of claims 45 to 49, wherein the action is a lawful intercept or charging control associated with the UE. A serving terrestrial public mobile communication network (PLMN) associated with a user equipment (UE), the serving PLMN comprising at least two network nodes;
A first network node is configured to receive a secret identifier uniquely identifying the UE from the home PLMN of the UE after the UE has been successfully authenticated by the home PLMN or the serving PLMN; A secret identifier is a secret shared between the UE and the home PLMN;
A second network node is configured to perform an operation associated with the UE using the secret identifier;
Serving Terrestrial Public Mobile Communication Network (PLMN).

Images